Pirates Hacked Shipping Firm's CMS To Plan Attacks, Find Valuable Cargo

An anonymous reader writes: Verizon's most recent Data Breach Digest includes a curious hacking case. Apparently a group of sea pirates have hired a hacker who uploaded a Web shell to a shipping company's CMS that allowed them to download cargo inventories and ship routes. They then used this information to attack ships, equipped with a barcode reader (and weapons of course), searching specific crates, emptying all the high-value cargo, and making off with the loot within minutes of launching their attacks.

Re:Unarmed ships are helpless.

[JWSmythe]

There are legal issues about having weapons on a ship. That is, when they transit different national waters, they may, or may not, be allowed to have some, or any, weapons on the ship, regardless if it's stored or not.

Simpler. Say your boat leaves a country where you can legally have Gatling guns. You transit inside another nation's waters where you can't legally have one, such as the Canada, US, or Mexico. You could end up in jail over it. Depending on the rules and policies, it could be the responsible party, captain, or crew. Unmounting the Gatling gun, and placing it in a locker isn't usually good enough.

Cargo ships can be transiting the waters of many nations during their cruise.

I wouldn't really focus on the chance of escalating force. The pirates that are committing most of these crimes are working on a real shoe-string budget. Like, a small boats, where the pirates are armed with knives, rifles, and the (very) occasional RPG. Clicking through the pirate activity map, I couldn't find any reports stating heavier weapons than rifles. Most were unarmed, or armed with knives. If they could afford, or steal, better ships and weapons, they'd be doing it already.

Pirate activity map

Here is a writeup on the issue